How To Become a Network Nazi

Ever since my blog picked up traffic, I found an increasing number of spammers on it. In mostly manual labor they post comments to existing entries, either just to vandalize or to promote external websites.

Some try to be clevery cloaked, mostly with phrases like this:

Very good blog entry! Thx!

and then having the promoted link under the signature. Difficult to spot. Really.

But for me it means that I have to scan my blog on a regular basis. Well, I have to do that anyway, just to respond to your comments, my little possums.

To delete 5 or more chinese verbal excrements for herbal ingredients does not count to my favourite spare time activities. This is why I have started to block IP addresses, sometimes even small /24 networks (in CIDR speak).

This was very effective with russian, specifically ukraine spamming networks. They were using whole server farms. Easy to spot, easy block.

It also hurt the individual chinese spammer. But there seem to be a lot of them, so I started quickly to block /16 addresses, moving then to even larger blocks.

Now I am not looking for the smallest IP block, I am looking for the biggest. And I do not shy away to block /8 networks. That's on a continent level, yes. And there are only 127 of these on this planet. Draconian, I know.

Today I doubt that someone east to the Ural can access this blog. My personal Chinese Wall. India I spared (as few spam originates from there), and so I spared Australia (but that for other reasons).

So if you read this, little spammer, namely that you cannot read this, it is exactly because of you.

Ah ja: Nothing personal.

Posted In

Me feels grateful for

Me feels grateful for knowing how to use TOR... :)
Greetings, spambot #16.

Little Spammer (not verified) | Thu, 03/05/2009 - 21:54

Re: spambot

So I blocked your network too. How unclever to reveal yourself! >;->

rho | Fri, 03/06/2009 - 09:08

Re: Tor

Possible, but unlikely.

It is quite untorish to give you the same exit nodes over the course of several days, right?

And I doubt that there are many tor exits in China, right?

And spamming is much about speed. Tor does not help here.

rho | Fri, 03/06/2009 - 09:11

CAPTCHAs to the rescue?

Maybe image- and/or audio-based CAPTCHAs instead of parseable text-based questions could help reduce spam (and using, e.g., the reCAPTCHA service for that even supports a good cause, additionally).
However, this would mainly be helpful against automated spamming attacks as opposed to the annoying manual kind.

robi42 (not verified) | Thu, 03/05/2009 - 22:21

CAPTCHAs didnt work for me

I have a PHPForum that uses CAPTCHAs but even on the highest settings the spammers get through it, I had to make my own math question like this blog has to make it stop. Its crazy because I myself can hardly read it at the highest settings.

Inge Henriksen (not verified) | Fri, 03/06/2009 - 00:28

Re: CAPTCHAs to the rescue?

I am reluctant to use stronger mathematical CAPTCHAs.

It is documented that Australian HR directors already struggle with simple questions regarding natural numbers and infix binary operators.

I do not want to loose my Australian audience, so I do not want to push the envelope to much.

But maybe I should spend some time to see whether there is a Drupal module for reCAPTCHA.

rho | Fri, 03/06/2009 - 09:17


Check out Mollom. It's painless to install and there is a Drupal module for it.

scor (not verified) | Tue, 03/10/2009 - 16:50

Re: Mollom

Check out Mollom.

Aahhh. A machine learning solution. MUCH better than these honeypot thingies.

Thx scor! Will check out.

rho | Tue, 03/10/2009 - 17:28
rho | Mon, 03/16/2009 - 20:42

Wizcrafts publishes IP blocklists

I read this article after getting a Google alert about my website being listed here.

I want you all to know that I maintain and publish four IP blocklists (currently), in two formats each.

.htaccess, for shared hosting websites and iptables for those with root access. These are for use on Apache web servers running on *nix platforms only.

The current four blocklists are: Chinese/Korean, Exploited Servers, Nigerian/African and Russian/Turkish.

Here is a link for the .htaccess blocklists:

Here is a link for my iptables blocklists:


Wizcrafts (not verified) | Tue, 03/17/2009 - 17:14

Re: Wizcrafts publishes IP blocklists

Yup, duly noted. Thanks for your work!

Whenever I have some time spare I will switch to one of the blocklist providers.

The other alternative I am considering is more insidious. And I like being insidious...

rho | Tue, 03/17/2009 - 17:33